linux-sgx

Intel SGX for Linux*

License: OTHER
Stars: 1.3K
Committers: 78
linux-sgx - Linux 2.24 Open Source Gold Release (Latest Release)

Published by llly 6 months ago

Upgraded to OpenSSL 3.0.13.

Upgraded to Intel(R) Integrated Performance Primitives (IPP) Cryptography library version 2021.11.

Upgraded to Protobuf 3.23.2.

Upgraded MbedTLS to 3.5.2.

Upgraded Intel DCAP Ring3 Abstraction Layer (R3AAL) library to support ConfigFS-TSM as communication channel between host and guest for TDX remote attestation.

Upgraded Intel DCAP Quote Verification Enclave to integrate OpenSSL/SgxSSL 3.0.13.

Upgraded new TDX attestation result “TD_RELAUNCH_ADVISED” in Intel DCAP Quote Verification Library (QVL) and Appraisal Engine.

Fixed bugs.

linux-sgx - Linux 2.23 Open Source Gold Release

Published by llly 9 months ago

Supported new OS: Ubuntu* 23.10 64-bit Server version.

Upgraded to OpenSSL 3.0.12.

Upgraded MbedTLS to 3.5.0.

Added SM2 encrypt/decrypt algorithm to the GM/SM (PRC National Commercial Cryptographic Algorithms) sample code.

Introduced the Intel® DCAP Appraisal Engine within quote verification library, empowering users to evaluate verification results against diverse policies.

Upgraded Intel SGX Quote Verification Enclave to integrate OpenSSL/SgxSSL 3.0.12.

Added Rust wrapper for quote provider library APIs.

Fixed bugs.

linux-sgx - Linux 2.22 Open Source Gold Release

Published by llly 12 months ago

Upgraded to OpenSSL 3.0.10.

Added interoperable RA-TLS support which follows CCC design.

Enhanced Protect File System performance and added additional dependency libsgx_pthread.a.

Added the Constant Time instruction Decoder (CTD) into the default AEX-Notify mitigation handler in order to prevent the introduction of any additional subtle side channel leakages within the default handler.

Added Mistletoe 3 mitigations to the AES-ECB, AES-GCM, and AES-CMAC algorithms in the IPP Cryptography Library. These have been incorporated transparently into the sgx_tcrypto library.

Re-signed all Intel(R) SGX Architecture Enclaves.

Upgraded Intel SGX Quote Verification Enclave to integrate OpenSSL/SgxSSL 3.0.10.

Added Attestation Library support for Intel(R) TDX Migration TD.

Added Rust wrapper for low-level Quote Generation APIs.

Enabled SE_TRACE log in release binary.

Updated Rust QVL wrapper to use native Rust structure for quote verification collateral.

Added a limitation in the DCAP QVL to only allow the user to set the QvE load policy once.

Fixed bugs.

linux-sgx - Linux 2.21 Open Source Gold Release

Published by llly about 1 year ago

Upgraded to OpenSSL 1.1.1u.

Introduced Intel(R) TDX 1.4 and 1.5 support.

Upgraded Ring3 Abstraction Layer (R3AAL) library to support Intel(R) TDX MVP 6.2 kernel.

Enhanced quote verification performance in multi-thread scenarios.

Fixed bugs.

linux-sgx - Linux 2.20 Open Source Gold Release

Published by llly over 1 year ago

Supported the AEX (Asynchronous Enclave Exit) Notify feature.

Supported Mbed-TLS Cryptography library (excluding SSL/TLS portion) in Enclave.

Applied CVE-2023-1255, CVE-2023-0465, and CVE-2023-0466 patches to SgxSSL/OpenSSL 1.1.1t.

Upgraded to Intel(R) Integrated Performance Primitives (IPP) Cryptography library version 2021.7.

Upgraded Intel SGX Quote Verification Enclave to integrate updated SgxSSL.

Enhanced the attestation local cache functionality by giving users the option to provide their own cache file.

Enabled QPL/QCNL log in DCAP samples.

Fixed bugs.

linux-sgx - Linux 2.19 Open Source Gold Release

Published by llly over 1 year ago

Supported the Key Separation and Sharing (KSS) feature in Simulation mode.

Upgraded to OpenSSL 1.1.1t.

Upgraded Intel(R) SGX Quote Verification Enclave to integrate SgxSSL/OpenSSL version 1.1.1t.

Added new API in quote verification library to extract FMSPC (Family-Model-Stepping-Platform-CustomSKU) value from ECDSA quote.

Added Rust support for SGX ECDSA quote generation.

Added Linux kernel 5.19 support in TDX R3AAL (Ring 3 Attestation Abstraction Layer).

Removed Protobuf in TDX QGS (Quote Generation Service) and R3AAL (Ring 3 Attestation Abstraction Layer).

Fixed bugs.

linux-sgx - Linux 2.18.1 Open Source Gold Release

Published by llly almost 2 years ago

Fixed an enclave load failure in environments where the symbolic links /dev/sgx/{enclave, provision} have not been created to point to the default SGX device nodes exported by the kernel, /dev/{sgx_enclave, sgx_provision}, respectively.

linux-sgx - Linux 2.18 Open Source Gold Release

Published by llly almost 2 years ago

Addressed CVE-2022-21233 along with the latest processor microcode.
Modified the Switchless library to include mitigations for the associated issue.

Added support for the Linux kernel APIs for the Enclave Dynamic Memory Management (EDMM) features that are available with the Linux kernel v6.0 or later. Refer to the SGX SDK developer reference for details on new trusted APIs and enclave configuration for the EDMM features.

Enabled C++17 within SGX SDK.

Supported AMX (Advanced Matrix Extensions) in Enclave.

Replaced hardcoded Enclave signing keys in all sample projects with dynamically generated keys.

Added a new API to allow user to configure enclave internal cache size in the Protected File System library.

Upgraded to OpenSSL 1.1.1q and upgraded Intel(R) SGX Quote Verification Enclave to integrate SgxSSL/OpenSSL version 1.1.1q.

Supported new OS: Ubuntu* 22.04 LTS 64-bit Server version, CentOS* 8.3 64bits, Red Hat* Enterprise Linux* Server 8.6 (for x86_64), SUSE* Linux* Enterprise Server 15.4 64bits, Debian* 10 and Anolis* OS 8.6.

Upgraded Intel SGX QE3 to make it backward compatible.

Improved ECDSA quote generation and verification performance by caching PCK certificates and collaterals in memory and on disk.

Added Java support for quote verification library.

Added new APIs to unify Intel SGX and TDX quote verification in Quote Verification Library.

Added Advisory ID in ECDSA quote verification supplemental data.

Added Intel TDX support in RA-TLS (Remote Attestation based TLS) library.

Improved TDX quote generation throughput in vsock mode.

Added Rust support for TDX quote generation.

Fixed bugs.

linux-sgx - Linux 2.17.1 Open Source Gold Release

Published by andyzyb about 2 years ago

Addressed CVE-2022-21233 along with the latest processor microcode.

  • Modified the Edger8r to generate code with mitigations for the associated issue
  • Modified the API memcpy and memcpy_s to have mitigations for the associated issue

linux-sgx - Linux 2.17 Open Source Gold Release

Published by llly over 2 years ago

Along with the latest processor microcode, re-signed all the Intel(R) SGX Architecture Enclaves (AEs) to address CVE-2022-21123, CVE-2022-21125 and CVE-2022-21166.

Upgraded to Protobuf 3.20.

Upgraded to SgxSSL/OpenSSL 1.1.1o.

Added Intel TDX Attestation support.

Added Rust support for ECDSA quote verification.

Fixed bugs.

linux-sgx - Linux 2.16 Open Source Gold Release

Published by llly over 2 years ago

Upgraded to OpenSSL 1.1.1m.

Provided RA-TLS (Remote Attestation based Transport Layer Security) APIs and Samples.

Supported PKRU (Protection Key rights Register) in Enclave.

Added APIs of SHA384 and VerifyReport2 to support TDX.

Enhanced QPL (Quote Provider Library) to support caching Intel PCK (Provisioning Certificate Key) certificate chain in local memory, or retrieving Intel PCK cert chain from local HTTP/S address.

Upgraded Intel ECDSA Quote Verification Enclave to integrate SgxSSL/OpenSSL version 1.1.1m.

Introduced Intel ID enclave for QE identity generation.

Fixed bugs.

linux-sgx - Linux 2.15.1 Open Source Gold Release

Published by llly almost 3 years ago

Upgraded to OpenSSL 1.1.1l.

linux-sgx - Linux 2.15 Open Source Gold Release

Published by lzha101 about 3 years ago

Upgraded Intel(R) Integrated Performance Primitives Cryptography library to version 2021 update 3.
Upgraded Intel(R) SGX Architecture Enclaves based on new IPP crypto library.
Added software prevention of fault injection attacks.
Upgraded to GNU Binutils 2.36.1. Stopped providing ld.gold (developers should use ld instead).
Supported Google Protobuf C++.
Enabled C++14 within SGX SDK.
Added SM2/3/4 Samples.
Fixed bugs.

Signed-off-by: Zhang Lili

linux-sgx - Linux 2.14 Open Source Gold Release

Published by llly over 3 years ago

Supported loading enclave at address 0.

Upgraded Intel(R) Quote Verification Enclave to integrate SgxSSL/OpenSSL version 1.1.1k.

Updated the DCAP driver V1.33 with stability fixes, released as V1.33.2. This is to support legacy solutions not ready to transition to the latest DCAP driver V1.41 or kernel 5.11+.

Fixed bugs.

linux-sgx - Linux 2.13.3 Open Source Gold Release

Published by lzha101 over 3 years ago

Upgraded to Intel(R) Integrated Performance Primitives (IPP) Cryptography library version 2020 update 3.
Upgraded Intel(R) SGX Architecture Enclaves based on new IPP crypto library.
Fixed bugs.

Signed-off-by: Zhang Lili

linux-sgx - Linux 2.13 Open Source Gold Release

Published by llly over 3 years ago

Added more logs in PSW components for identifying issues.

Upgraded OpenSSL and SgxSSL to latest version 1.1.1i in DCAP components.

Added database migration support in PCCS.

Fixed bugs.

linux-sgx - Linux 2.12 Open Source Gold Release

Published by llly almost 4 years ago

Added Ubuntu 20.04 and CentOS 8.2 support.

Added Intel(R) Provisioning Certification Service V3 API support for ECDSA attestation.

Fixed bugs.

linux-sgx - Linux 2.11 Open Source Gold Release

Published by llly about 4 years ago

Supported new OS: RHEL 8.2 and SUSE 15.

Provided standalone Intel(R) SGX DCAP Quote verification library installer.

Added Intel(R) SGX DCAP Platform Certificate ID Retrieval Tool and Multi-package Registration Agent (MPA) installers into SGX installation repo.

Fixed bugs.

linux-sgx - Linux 2.10 Open Source Gold Release

Published by llly over 4 years ago

Provided a reproducible SDK.

Supported new OS: RHEL 8.1, CentOS 8.1 and Fedora 31.

Added support for specifying the platform ID through the PCK Cert ID Retrieval Tool's command-line option.

Added ability to execute Platform Cert ID Retrieval Tool on multi-package platforms without loading enclaves. PCCS now supports this functionality. The platform still needs to support SGX.

Updated Platform Cert ID Retrieval Tool and Multi-package registration tool to align with BIOS platform manifest changes.

Added .deb and .rpm installers for Platform Cert ID Retrieval Tool and Multi-package Registration Agent.

Fixed bugs.

linux-sgx - Linux 2.9.1 Open Source Gold Release

Published by llly over 4 years ago

Added support for querying the Intel(R) SGX attestation key ID list.
Fixed bugs.